Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Hubert Feyrer <hubert@feyrer.de>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 07/22/2005 19:03:26
On Fri, 22 Jul 2005, Hubert Feyrer wrote:

> In the process of creating the +CONTENTS file from the PLIST (in pkg_create)
> we calculate MD5 checksums of all files right now, so that may be a possible
> point to add that signing.

We should be using better hashes than MD5, these days. But yes, possibly
just signing the +CONTENTS file would do the trick. On the other hand,
it might be nice to have a generic way of signing archives--I've put in
a use case for that.

> I think there's a difference if you sign every file in an archive, or the 
> archive as a whole, and as such I'm not sure this approach is good enough.

Well, let's do a security analysis of it. It would be nice to avoid
having to ship around two separate files all the time.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA